How To Enable SSL Encryption with Database Gateway for DRDA (DG4DRDA) 11.2
Last updated on MAY 13, 2015
Applies to: Oracle Database Gateway for DRDA - Version 22.214.171.124 to 126.96.36.199 [Release 11.2 to 12.1]
Information in this document applies to any platform.
This note describes how to configure SSL encryption between the Oracle DRDA 11.2 gateway and a DB2 database.
The first prerequisite is to have SSL enabled for the DB2 database running on z/OS, IOS or LUW. Contact IBM support for instructions on enabling SSL encryption for your DB2 database release.
To verify an SSL connection to the DB2 database, the OpenSSL utility (commonly installed by default on Linux/Unix machines, and also available from openssl.org for many other platforms) can be used:
openssl s_client -connect <host of the DB2 database>:<SSL Port> -state -debug -msg
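The result of this command can be checked mechanically. The shell function below is an added example, not part of the Oracle note: it classifies s_client output as verified, handshake-only, or no handshake. The sample outputs and the host name db2host.example.com are constructed.

```shell
# Added example. Classifies `openssl s_client` output read from stdin.
# Returns 0: handshake completed and certificate chain verified
#         1: handshake completed, certificate NOT verified by this client
#         2: no SSL/TLS handshake (port not SSL-enabled, protocol mismatch)
check_sclient_output() {
    out=$(cat)
    # s_client prints "New, <protocol>, Cipher is <cipher>"; "(NONE)" on failure.
    proto=$(printf '%s\n' "$out" | sed -n 's/^New, \([^,]*\), Cipher is .*$/\1/p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    verify=$(printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \(.*\)$/\1/p' | tail -n 1)
    if [ -z "$cipher" ] || [ "$cipher" = "(NONE)" ]; then
        echo "handshake: FAILED"
        return 2
    fi
    echo "handshake: ok protocol=$proto cipher=$cipher"
    echo "verify: ${verify:-not reported}"
    [ "$verify" = "0 (ok)" ] && return 0
    return 1
}

# Constructed sample: server presents a self-signed certificate.
sample_selfsigned() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = db2host.example.com
verify error:num=18:self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Verify return code: 18 (self signed certificate)
---
EOF
}

# Constructed sample: port answers, but no handshake takes place.
sample_nossl() {
cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---
EOF
}

sample_selfsigned | check_sclient_output || echo "exit status: $?"
# Real use: openssl s_client -connect <host>:<port> </dev/null 2>&1 | check_sclient_output
```

A return value of 1 means the OpenSSL client could not validate the server certificate against its own CA set; the gateway's certificate handling is configured separately.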
Another prerequisite is to have the 188.8.131.52 (or above) DRDA gateway release. For 184.108.40.206 the SSL libraries are available from My Oracle Support for some platforms as patch 9154914.
Before configuring the gateway for SSL, first configure the DRDA 11.2 gateway without SSL and verify the connection.
Also decide whether a TRUSTSTORE will be used or not.
By default the gateway uses a PKCS12 truststore to store certificates, but it can also be configured to use the server certificate only.